Netia SA, the second telecom company hacked by a Ukrainian hacker

A Ukrainian Hacker has breached the servers of the Polish Telecom Company Netia SA and leaked on an underground forum the stolen data.

A Ukrainian hacker going by the pseudonym of Pravy Sektor has hacked the servers of Poland’s telecom company Netia SA, the second largest telecom company in the country. The hackers stole personal details of customers of Netia SA and leaked it on an underground forum.

Netia SA admitted the data breach but clarified that only specific amount of data has been stolen by the hacker.

“Dear Sir or Madam,

immediately announce that on 7 July 2016. netia.pl website was attacked by hackers. A breach of personal data that you passed through forms on netia.pl

We wish to emphasize that the data of customers and cooperating companies are secured by the experts of the Company, which supports the additional, highly qualified, external advisory team.

Passwords and logins to the self-service portal NetiaOnline are safe, there is no need to take any additional action on the part of customers.” reads the press release published by the company.

“As a result of the hack have been compromised the personal data of subscribers Netia SA or potential customers who are natural persons. As a result of the attack, hackers gained access to user data transmitted through the service netia.pl (contact form and a form of electronic contract).According to the Company’s knowledge, illegally obtained personal data have been published on the Internet and became publicly available.”

Login credentials for self-service portal NetiaOnline were not affected  by the attack, the company is working to secure customers whom data has been exposed.

The hacker breached the company systems at 11:03 a.m. on July 7th and blocked the access the web site until late in the evening.

Company spokeswoman Lidia Marcinkowska confirmed the hackers may have gained access to some customers’ data because the breached server contained data submitted via Netia’s website by people wanting to contact the telecom operator.

The data were first discovered by Yogev Mizrahi, head of cyber security team at Hacked-DB, the cyber security expert Oren Yaakobi who analyzed it confirmed that the trove of information is far greater than what the Netia SA claims. The dumped data is about a 14GB archive.

Colleagues at HackRead published an exclusive analysis of stolen data conducted by Hacked-DB.

The hacker leaked online several SQL files extracted from the investor.netia.pl domain, the stolen data includes several database files.

“There are several database files including sales DB that contains records such as Blue Media transactions, device and product offers, IP Block Lead and IP TradeDoubler. There’s also an SQL file containing 342,000 lines and contains data such as first and last name, home address and IP address. The data was last updated in 2014.” reported HackRead.

The leaked data include clients formation and publication information such as full names, email addresses, home address, street address, city, area codes, phone numbers, and IP addresses.

The leaked archive also includes data related to users’ connections, a 9GB file size Log file containing, session ID, IP address, agent type, browser and the operating system details of users.

The hacker has also dumped 615,525 unique email addresses including 150,440 emails from Poland’s sixth-largest web portal Wirtualna, 118,989 Gmail email addresses, 64,000 email addresses of O2 users.

The company is investigating the data breach, at the time I was writing there is no news regarding the technique adopted by the hacker to breach the company.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Netia SA, data breach)